A worm, Win32/Conficker.A, is exploiting a security hole on Windows machines. According to an announcement from Microsoft, a security patch for this hole was released in October.
The security update MS08-067 addressed the critical vulnerability, which is being actively exploited, as shown by the increased number of attacks in the last two days.
In a blog post on the Microsoft Malware Protection Center, Microsoft said that although this malware has affected hundreds of home PCs, it is spreading most in big corporations.
The worm works by acting like a web server: it opens a random port between 1024 and 10000. It then exploits the MS08-067 vulnerability to spread randomly to other computers on the network. Upon access, the remote computer downloads a copy of the worm over HTTP from that random port.
The copy is transferred with a JPG extension and is then saved as a randomly named DLL in the local system folder. Interestingly, Microsoft said, the worm patches the vulnerable API in memory, so the machine is not vulnerable anymore. The reason for this could be that the authors do not want other malware to access the computer.
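The transfer described above (an HTTP download from a port between 1024 and 10000, of a file named as a JPG that is really a DLL) leaves a recognisable trace in proxy or network-sensor records. The following check is an added example, not code from Microsoft's post; the record field names and the sample records are constructed for illustration, and the port range is assumed to be inclusive.

```python
import ipaddress
from urllib.parse import urlsplit

PORTS = range(1024, 10001)        # "between 1024 and 10000", treated as inclusive (assumption)
JPEG_MAGIC = b"\xff\xd8\xff"      # first bytes of a genuine JPEG
PE_MAGIC = b"MZ"                  # first bytes of a Windows EXE or DLL
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(rec):
    """Return the reasons a record matches the described transfer, or [] if it does not."""
    path = urlsplit(rec["uri"]).path.lower()
    if not path.endswith((".jpg", ".jpeg")) or rec["dst_port"] not in PORTS:
        return []
    head = rec["body_head"]
    if head.startswith(JPEG_MAGIC):
        return []                 # the name and the content agree: a real image
    reasons = ["jpg-name-non-jpeg-body"]
    if head.startswith(PE_MAGIC):
        reasons.append("body-is-pe")
    server = ipaddress.ip_address(rec["dst_ip"])
    if any(server in net for net in RFC1918):
        reasons.append("served-by-internal-host")
    return reasons

def flag(records):
    """Map record id -> reasons, for matching records only."""
    hits = {}
    for rec in records:
        reasons = classify(rec)
        if reasons:
            hits[rec["id"]] = reasons
    return hits

# Constructed sample records (hypothetical field names, not real traffic).
SAMPLE = [
    {"id": 1, "dst_ip": "10.0.4.23", "dst_port": 4871, "uri": "/kdvrp.jpg", "body_head": b"MZ\x90\x00"},
    {"id": 2, "dst_ip": "10.0.4.30", "dst_port": 8080, "uri": "/img/logo.jpg", "body_head": b"\xff\xd8\xff\xe0"},
    {"id": 3, "dst_ip": "10.0.4.23", "dst_port": 80, "uri": "/a.jpg", "body_head": b"MZ\x90\x00"},
    {"id": 4, "dst_ip": "203.0.113.9", "dst_port": 9000, "uri": "/x.JPG?v=1", "body_head": b"MZ\x90\x00"},
    {"id": 5, "dst_ip": "192.168.1.8", "dst_port": 2048, "uri": "/p.jpg", "body_head": b"<html>"},
]

if __name__ == "__main__":
    for rid, reasons in flag(SAMPLE).items():
        print(rid, reasons)
```

A workstation that answers such a request for its peers is the stronger signal, which is why the internal-server reason is reported separately from the content mismatch.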
While US PCs look to be the target, as most infections are here, reports have also come in from other countries such as Taiwan, Canada, Spain, Germany, Italy and Japan. Microsoft also said that, for some strange reason, Ukrainian computers are not affected by this worm.